I genuinely wonder for ProtonMail (and anything web-based, really): isn't it a fact that if I use ProtonMail, my browser will download and execute a client every time? In the sense that I don't actually know what code my client is running. ProtonMail could totally decide to serve me a client that actually leaks data, and I would not know it unless I somehow save and audit the client every. single. time.
If I use e.g. Signal, I can of course build it from sources I trust, or download it from the Play Store and trust that Google won't send me a modified version of it (at least it seems less likely and harder to pull off).
Am I wrong in considering that web-based clients cannot really be considered secure?
some_furry|1 year ago
What. is. your. threat. model?
palata|1 year ago
If I use e.g. Signal, I can of course build it from sources I trust, or download it from the Play Store and trust that Google won't send me a modified version of it (at least it seems less likely and harder to pull off).
Am I wrong in considering that web-based clients cannot really be considered secure?
claudiojulio|1 year ago
oguz-ismail|1 year ago
[deleted]